Method for electronic signing of a documen with a predetermined secret key

ABSTRACT

The present invention relates to a method for electronic signing of a document with a predetermined secret key (x), the method being characterized in that it comprises the implementation of steps of:
         (a) Drawing a pair formed by a first internal state (s 1   i ) and a white-box implementation (WB i ) of a modular arithmetic operation, from among a set of predetermined pairs ({(s 1   i ,WB i )} i∈[0,n-1] ) each for one nonce (k i ), said first internal state (s 1   i ) being a function of the nonce (k i ) and said modular arithmetic operation being a function of the first internal state (s 1   i ), of the nonce (k i ) and of the secret key (x);   (b) Determining a second internal state (s 2   i ) by application of said drawn white-box implementation (WB i ) to a condensate of the document obtained via a given hash function;   (c) Generating an electronic signature of the document from the first internal state (s 1   i ) of the drawn pair and from the second determined internal state (s 2   i ), and deleting the drawn pair of said set of pairs ({(s 1   i ,WB i )} i∈[0,n-1] ).

GENERAL TECHNICAL FIELD

The present invention relates to the field of cryptography and in particular a signature method of “white-box” type.

STATE OF THE ART

A function is considered to be “black-box” when it is impossible to access its internal functioning i.e. it is possible to have knowledge of the inputs and outputs thereof but not its secret parameters or intermediate states.

Cryptographic algorithms (e.g. for encryption or signature) are conventionally assumed to be black-boxes when evaluating the reliability thereof (resistance to attacks).

A black-box hypothesis requires strong restrictions for storage and handling of these parameters. However, tools have recently been published allowing the automation of attacks on hardware implementation, called side channel attacks or fault-injection attacks.

At the current time, in numerous cases of use including payment by mobile, it is necessary to deploy cryptographic algorithms with the least number of hypotheses possible concerning the security of the target material. Secure storage and handling of secret parameters must therefore be ensured at application level.

So-called white-box cryptography is aimed at meeting this challenge by proposing implementation of cryptographic algorithms that are meant to make the extraction of secrets impossible, even in the event of attack providing an attacker with full access to software implementation of the algorithm. More specifically, a function is considered to be “white-box” when its mechanisms are visible allowing understanding of the functioning thereof. In other words, the hypothesis is directly made that attackers have access to everything they want (the binary is fully visible and can be modified by an attacker who has full control over the execution platform). As a result, implementation itself is the only line of defence. The term “white-box implementation” is used for elementary computation of the algorithm when this computation is able to be represented in secure form avoiding plaintext use of keys, for example by representing the computation via a table stored in memory.

For example, a method was proposed in application US2016/328543 aimed at hiding the inputs and outputs of a modular exponentiation function, allowing improved security of cryptographic algorithms such as RSA (Rivest, Shamir, Adleman).

However, it has been shown that this method is not sufficient to ensure satisfactory protection of the Digital Signature Algorithm (DSA).

The computing of a DSA signature pre-assumes that a public key (p,q,g,y) and a private key x have been associated with the user. The method for generating these keys is composed of the following different steps:

-   -   Choosing a prime number p of length L such that 512≤L≤1024, and         L is divisible by 64;     -   Choosing a prime number q of 160 bits, such that p−1=qc, with c         being an integer;     -   Choosing h with 1<h<p−1 to construct g, so that g=h^(c) mod p>1;     -   Randomly generating an x, with 0<x<q;     -   Computing y=g^(x) mod p.

The DSA signature of a message m starts with computation of a hash H(m) (using a standard hash function such as SHA256) and continues with the computing of two values s₁ and s₂ such that:

-   -   s_(i)=(g^(k) mod p) mod q     -   s₂=(H(m)+s₁x)k⁻¹ mod q     -   where k is a datum called nonce (i.e. an arbitrary number i.e. a         “number used once”) that must be randomly drawn for each new         signature.

The signature is (s₁,s₂).

As explained, it is possible to obtain white-box implementations of each of the computing functions of the internal states s₁ and s₂ by hiding the modular exponentiation.

However, with the same application of white-box implementation of s₂ to two different data z and z′ (e.g. the condensates of two different messages) while forcing reuse of one same nonce k (which is normally impossible except under a white-box attack with access to the equipment), it is possible via computing of s₂(z)−s₂(z′) to retrieve x. This is called a “restart attack”.

It would therefore be desirable to have available a novel solution for “white-box” signatures using a standard mechanism such as DSA, that is fully resistant to any known attacks.

SUMMARY OF THE INVENTION

In a first aspect, the present invention relates to a method for electronic signing of a document with a predetermined secret key, the method being characterized in that it comprises the implementation, by data processing means of equipment, of steps of:

-   -   (a) Drawing a pair formed by a first internal state and a         white-box implementation of a modular arithmetic operation, from         among a set of predetermined pairs each for one nonce, said set         of pairs being stored on data storage means of the equipment,         said first internal state being a function of the nonce and said         modular arithmetic operation being a function of the first         internal state, of the nonce and of the secret key;     -   (b) Determining a second internal state by application of said         drawn white-box implementation to a condensate of the document         obtained via a given hash function;     -   (c) Generating an electronic signature of the document from the         first internal state of the drawn pair and from the second         determined internal state and deleting the drawn pair of said         set of pairs.

According to other nonlimiting, advantageous characteristics:

-   -   said modular arithmetic operation is z         (z+s₁ ^(i)x)k_(i) ⁻¹ mod q, where s₁ ^(i) is the first internal         state, k_(i) the nonce, x the secret key and q a constant;     -   s₁ ^(i)=(g^(k) ^(i) mod p) mod q, where g and p are constants;     -   the signature is the pair (s₁ ^(i),s₂ ^(i)) of the first and         second internal states;     -   the method comprises a prior step (a0) to generate said set of         pairs by data processing means of a server, and transmission         thereof to the equipment;     -   step (a0) comprises the generation of a plurality of nonces,         followed by the generation of the pair for each nonce;     -   step (a0) comprises the prior generation of the constants p,q,g         conforming to the DSA algorithm;     -   step (a0) also comprises the prior generation of the secret key         and of an associated public key as a function of the constants         p,q,g;     -   said white-box implementations use a Residue Number System, RNS,         to perform said modular arithmetic operation;     -   the method comprises a subsequent step (d) by the data         processing means of the equipment to associate the generated         electronic signature with the document to form the signed         document.

In a second and third aspect, the invention proposes a computer program product comprising code instructions to execute a method according to the first aspect for electronic signing of a document with a predetermined secret key; and storage means readable by computing equipment on which a computer program product comprises code instructions to execute a method according to the first aspect for electronic signing of a document with a predetermined secret key.

PRESENTATION OF THE FIGURES

Other characteristics and advantages of the present invention will become apparent on reading the following description of a preferred embodiment. This description is given with reference to the appended drawings in which:

FIG. 1 is a diagram of an architecture for implementation of the method of the invention.

DETAILED DESCRIPTION Architecture

With reference to FIG. 1, a method is proposed for the “white-box” signature of a document, implemented on equipment 10 a such as a mobile terminal (smartphone, tablet computer, etc.) i.e. an item of equipment not having any particularly secure material and that may be the subject of side channel attack, for which the white-box approach shows its advantage.

The equipment 10 a comprises data processing means 11 a (a processor) and data storage means 12 a (a memory e.g. flash memory).

The equipment 10 a is connected for example to a server 10 b e.g. via the internet 20. From this server 10 b (e.g. the server of a provider of security solutions) it may need to receive cryptographic objects (described below) containing secrets to be stored in the memory 12 a and used to implement the present method.

The equipment 10 a may itself be connected to other third-party servers 10 c to which it may transmit the signed document once it has generated the electronic signature.

Signature Method

The present method is indeed a method for “generating an electronic signature for a document”, and not “for signing a document”. This means that it only allows the electronic signature of the document to be obtained and not the “signed document” i.e. the association of the original document and the signature, generally in any container.

By “electronic signature” of a document is meant the conventional definition of the term, namely a cryptographic primitive allowing identification of the signatory and guaranteeing that document has not been altered since the time the signature was produced and is indeed the original document (in the remainder of the present description the term “original” designates the document from which the condensate is truly derived). This cryptographic object is generally an encryption of the document condensate obtained by means of an asymmetric encryption function: the signatory uses a private key, and the signature can be verified by everyone by means of a public key (by comparing the condensate contained in the signature with a recalculated condensate).

It will be understood that the present method is a novel implementation of known algorithms using modular arithmetic operations (i.e. operations comprising computation over a modulus, in particular modular exponentiations), in particular DSA which is the current standard and shall be used as an example in the remainder of the description. More specifically, it does not propose a novel signature strategy but only a new manner in which to handle data within the algorithm, that is resistant to all side channel “white-box” attacks.

The document is associated with a condensate obtained via a given hash function.

As explained, a hash function uses as input a message of arbitrary size (the original document) and produces a condensate of fixed size associated with this message. Here, said given hash function is advantageously a so-called cryptographic function i.e. having additional properties: the condensate is statistically well distributed over all the input values, it is impossible within a reasonable time to find two messages having the same condensate (collision resistance) and it is not possible from the condensate to find a message which allowed this value to be obtained (pre-image resistance).

The example will be taken of functions in the SHA family (Secure Hash Algorithm), standardized by the National Institute of Standards and Technology (NIST), in particular the sub-families SHA-1 or SHA-2 (particularly SHA-256).

Principle

The present invention, for one same pair of public/private keys, proposes pre-computing several values of a first internal state s₁ ^(i) each one for a nonce k_(i), followed by white-box implementation WB_(i) of a modular arithmetic operation used by the signature algorithm for each of the nonces k_(i), said modular arithmetic operation being a function of the first internal state s₁ ^(i), of the nonce k_(i) and of the secret key x. It is recalled that by “white-box implementation” of an operation it is meant a representation of the operation which does not allow reverse engineering back to the internal state or to the parameters when the operation is executed (by application of white-box implementation to the input data).

Therefore, a set of pairs {(s₁ ^(i),WB_(i))}_(i∈[0,n-1]) of the first internal state s₁ ^(i) and of white-box implementation WB_(i) of the modular arithmetic operation are predefined and stored on the data storage means 12 a of the equipment 10 a.

In other words, for fixed public/private keys, each pair (s₁ ^(i),WB_(i)) is fully determined by the nonce k_(i): drawing a nonce is equivalent to drawing a pair. The nonce k_(i) is therefore not an input datum of white-box implementation WB_(i) but an “encapsulated” parameter which cannot be reverse engineered by an attacker.

Preferably, said set of pairs {(s₁ ^(i),WB_(i))}_(i∈[0,n-1]) is generated by the data processing means 11 b of the server 1 b, and transmitted for storage in the equipment 10 a at a prior step (a0).

This generation may comprise the generating of the plurality of nonces {k_(i)}_(i∈[0,n-1]), followed by generation of the pair (s₁ ^(i),WB_(i)) for each nonce k_(i) so as to define the set {(s₁ ^(i),WB_(i))}_(i∈[0,n-1].)

The properties expected from the application of white-box implementation mean that observation of the executing of white-box implementation WB_(i) must not allow retracing of the values of the secret key x and of the nonce k_(i) embedded in the computation. It is sufficient therefore only to allow one-time use of each WB_(i) to prevent tracing back to k_(i) and thereby prevent restart attacks. With the proposed signature method, it is therefore possible to resist an attacker using observation of intermediate states (for example using a malicious application running on the mobile).

White-box implementations WB_(i) (and hence the pairs of a first state and of a white-box implementation) are therefore deleted after use to prevent any possible attack.

Preferred Embodiment

In the example in which the signature algorithm conforms to DSA, s₁ ^(i) can be equivalent to (g^(k) ^(i) mod p) mod q, where g, p and q are constants (in particular prime numbers for p and q).

Similarly, said modular arithmetic operation represented by white-box implementation WB_(i) can be z

(z+s₁ ^(i)x)k_(i) ⁻¹ mod q. It is easy to verify that this computation corresponds to that of s₂ ^(i) associated with previously generated s₁ ^(i), for a condensate value z of the message.

The values p,q,g are preferably predetermined conforming to the DSA algorithm, in particular by the data processing means 11 b of the server 10 b at the prior step (a0).

It is recalled that in DSA, (p,q,g,y) forms a public key generated with a private key x in the following manner:

-   -   Choosing a prime number p of length L such that 512≤L≤1024, and         L is divisible by 64;     -   Choosing a prime number q of 160 bits, such that p−1=qc, with c         being an integer;     -   Choosing h, with 1<h<p−1 so that g=h^(c) mod p>1;     -   Randomly generating an x, with 0<x<q     -   Computing y=g^(x) mod p

Persons skilled in the art will understand however that the present method is not limited to DSA and gives satisfaction for any signature algorithm comprising a modular arithmetic operation that is a function of a first internal state, of a nonce and of a secret key.

Implementation

The present method is implemented by the data processing means 11 a of equipment 10 a and starts with step (a) to draw a pair formed by a first internal state s₁ ^(i) and a white-box implementation WB_(i) of a modular arithmetic operation, from among said set of predetermined pairs {(s₁ ^(i),WB_(i))}_(i∈[0,n-1]) stored on data storage means 12 a of the equipment 10 a.

This drawing may be random or sequential, it amounts to drawing a nonce k_(i) since each pair (s₁ ^(i),WB_(i)) is fully determined by the nonce k_(i) from which it was generated.

At step (b), a second internal state s₂ ^(i) is determined by application of said drawn white-box implementation WB_(i) to a condensate H(m) of the document m (obtained via a given hash function such as SHA256). In other words, z=H(m) is used.

From here, at a third step (c), the electronic signature of the document can be generated from the first internal state s₁ ^(i) of the drawn pair and from the second internal state s₂ ^(i) determined at step(b). In the preferred example of DSA, the signature is simply (s₁ ^(i),s₂ ^(i)).

Step (c), as explained, also comprises deletion of the pair drawn from said set of pairs {(s₁ ^(i),WB_(i))}_(i∈[0,n-1]) (before or after generation of the signature) to prevent restart attacks.

Additionally, the method may comprise a subsequent step (d) performed by the data processing means 11 a of the equipment 10 a to associate the electronic signature with the document to form the signed document. This electronic signature can be legally invoked by the equipment 10 a with other entities (servers 10 c).

White-Box Implementation

The white-box implementation of modular arithmetic operations is known to skilled persons.

However, the application of white-box implementation to execute the represented operation may be lengthy, in particular if said modular arithmetic operation comprises modular exponentiations.

In this respect, preferably said white-box implementations WB_(i) use a Residue Number System (RNS) to perform said modular arithmetic operation.

More specifically, the principle of RNS implementation allows the decomposing of moduli computations of a given value into moduli computation of smaller prime numbers, the product of which is greater than said given value (using the Chinese Remainder Theorem).

For example, those skilled in the art may proceed as described in application US2016/239267.

Computer Program Product

In second and third aspects, the invention relates to a computer program product comprising code instructions for execution (in particular on the data processing means 11 a of the equipment 10 a) of a method according to the first aspect of the invention for electronic signing of a document with a predetermined secret key x, and to storage means readable by computing equipment (memory 12 a of the equipment 10 a) on which this computer program product is installed. 

1. Method for electronic signing of a document with a predetermined secret key, x, the method being characterized in that it comprises the implementation, by a data processor of equipment, of steps of: (a) Drawing a pair formed by a first internal state, s₁ ^(i), and a white-box implementation, WB_(i), of a modular arithmetic operation, from among a set of predetermined pairs, {(s₁ ^(i),WB_(i))}_(i∈[0,n-1]), each for one nonce, k_(i), said set of pairs {(s₁ ^(i),WB_(i))}_(i∈[0,n-1]) being stored on a memory of the equipment, said first internal state s₁ ^(i) being a function of the nonce k_(i) and said modular arithmetic operation being a function of the first internal state s₁ ^(i), of the nonce k_(i) and of the secret key x; (b) Determining a second internal state, s₂ ^(i), by application of said drawn white-box implementation WB_(i) to a condensate of the document obtained via a given hash function; (c) Generating an electronic signature of the document from the first internal state s₁ ^(i) of the drawn pair and from the second determined internal state s₂ ^(i), and deleting the drawn pair of said set of pairs {(s₁ ^(i) _(i))}_(i∈[0,n-1]).
 2. The method according to claim 1, wherein said modular arithmetic operation is z

(z+s₁ ^(i)x)k_(i) ⁻¹ mod q, where s₁ ^(i) is the first internal state, k_(i) the nonce, x the secret key and q a constant.
 3. The method according to claim 2, wherein s₁ ^(i)=(g^(k) ^(i) mod p) mod q, where g and p are constants.
 4. The method according to claim 1, wherein the signature is the pair (s₁ ^(i),s₂ ^(i)) of the first and second internal states.
 5. The method according to claim 1, comprising a prior step (a0) to generate said set of pairs {(s₁ ^(i),WB_(i))}_(i∈[0,n-1]) by a data processor of a server, and transmission thereof to the equipment.
 6. The method according to claim 5, wherein step (a0) comprises the generation of a plurality of nonces {k_(i)}_(i∈[0,n-1]), followed by the generation of the pair (s₁ ^(i),WB_(i)) for each nonce k_(i).
 7. The method according to claims 3 and 6 in combination, wherein step (a0) comprises the prior generation of the constants p,q,g conforming to the DSA algorithm.
 8. The method according to claim 7, wherein step (a0) also comprises the prior generation of the secret key x and of an associated public key as a function of the constants p,q,g.
 9. The method according to claim 1, wherein said white-box implementations WB_(i) use a Residue Number System, RNS, to perform said modular arithmetic operation.
 10. The method according to claim 1, comprising a subsequent step (d) by the data processor of the equipment to associate the generated electronic signature with the document to form the signed document.
 11. Equipment comprising a memory and a data processor implementing a method according to claim 1 for electronic signing of a document with a predetermined secret key, x.
 12. Non transitory computer readable medium comprising sored thereon code instructions to execute a method according to claim 1 for electronic signing of a document with a predetermined secret key, x. 